Post by za miksica » Wed Sep 30, 2020 4:51 pm

Hello
I'm using OC 1.5.6.4 and am trying to disable the use of mail.php if the user is not logged in, because I'm receiving a lot of spam where I see in the email header that mail.php is used to send the emails. If I use "isLogged" inside mail.php, I think the mail will not be sent (if the user is not logged in).
It could also be another option (instead of isLogged); what's important is just that mail.php cannot be used to send email without logging in.
Thank you.


Post by rjcalifornia » Thu Oct 01, 2020 1:21 pm

za miksica wrote:
Wed Sep 30, 2020 4:51 pm
Hello
I'm using OC 1.5.6.4 and am trying to disable the use of mail.php if the user is not logged in, because I'm receiving a lot of spam where I see in the email header that mail.php is used to send the emails. If I use "isLogged" inside mail.php, I think the mail will not be sent (if the user is not logged in).
It could also be another option (instead of isLogged); what's important is just that mail.php cannot be used to send email without logging in.
Thank you.
Are those spam emails being sent through the contact form?


Post by za miksica » Thu Oct 01, 2020 2:14 pm

I don't know.
I just see this in the email header:
X-PHP-Originating-Script: 0:mail.php
To me, it looks like the spammers use "mail.php" to send email, and I want to try to disable the use of "mail.php" for unregistered customers.
Any idea how to do that?
Thank you.


Post by ADD Creative » Thu Oct 01, 2020 6:11 pm

The problem you will have is that the mail class is also used by the admin side, so you won't be able to use the customer isLogged.

It would probably be easier to work out which part of the customer side is sending and add the isLogged check there. You should be able to work that out from the email subject.

www.add-creative.co.uk
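An illustration of the approach above, added here as an example and not OpenCart's own code: assuming the sender turns out to be the customer-side contact form (catalog/controller/information/contact.php in OpenCart 1.5.x), the isLogged check goes into that controller's validate(), so a POST from a visitor who is not logged in fails validation and the Mail object is never built. The field checks below are paraphrased from OpenCart 1.5.x; the 'error_login' language key, the fallback message, and the assumption that the template renders error_warning are mine. The admin side does not use this controller, so admin mail is unaffected.

```php
<?php
// Added example, not OpenCart's own code. Shows the "add isLogged where the
// mail is sent" approach for the customer-side contact form in OpenCart 1.5.x.
// Only validate() changes: the form still renders, but a POST from a visitor
// who is not logged in is refused before any Mail is constructed.

class ControllerInformationContact extends Controller {
    private $error = array();

    // index() is OpenCart's own and is left unchanged: on POST it calls
    // validate() and only builds and sends the Mail when that returns true.

    protected function validate() {
        // New check, evaluated first so a logged-out POST is refused before
        // any field is looked at. 'error_login' is an assumed language key;
        // OpenCart's Language::get() returns the key itself when undefined,
        // so fall back to a literal message in that case.
        if (!$this->customer->isLogged()) {
            $msg = $this->language->get('error_login');
            if ($msg == 'error_login') {
                $msg = 'Please log in before using the contact form.';
            }
            // Assumes the contact template displays $error_warning.
            $this->error['warning'] = $msg;

            // Leave a log line so the source of refused attempts is visible
            // (goes to the error log via OpenCart's error handler).
            $email = isset($this->request->post['email']) ? $this->request->post['email'] : '';
            trigger_error(
                'Contact form refused (not logged in) ip='
                . $this->request->server['REMOTE_ADDR'] . ' email=' . $email,
                E_USER_NOTICE
            );

            return false;
        }

        // Remaining checks paraphrased from OpenCart 1.5.x contact.php.
        if ((utf8_strlen($this->request->post['name']) < 3) || (utf8_strlen($this->request->post['name']) > 32)) {
            $this->error['name'] = $this->language->get('error_name');
        }

        if (!preg_match('/^[^\@]+@.*\.[a-z]{2,6}$/i', $this->request->post['email'])) {
            $this->error['email'] = $this->language->get('error_email');
        }

        if ((utf8_strlen($this->request->post['enquiry']) < 10) || (utf8_strlen($this->request->post['enquiry']) > 3000)) {
            $this->error['enquiry'] = $this->language->get('error_enquiry');
        }

        // The captcha value is stored in the session when the image is rendered.
        if (empty($this->session->data['captcha']) || ($this->session->data['captcha'] != $this->request->post['captcha'])) {
            $this->error['captcha'] = $this->language->get('error_captcha');
        }

        return !$this->error;
    }
}
```

Two caveats: confirm which controller is actually sending before editing it (the subject or a trace in Mail::send() tells you), and note that this only stops anonymous submissions; a script driving a logged-in account, or a CSRF request riding on a customer's session, still passes the check.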

Post by za miksica » Thu Oct 01, 2020 8:50 pm

Hello
Do you have an example of how to edit mail.php to find out from where mail.php is being used?
Thank you in advance.


Post by straightlight » Thu Oct 01, 2020 10:58 pm

That methodology won't prevent SPAM. It will only prevent non-logged-in users from sending emails; it won't prevent logged-in users from sending SPAM, and scripts are not prevented from being sent by automated logged-in users with CSRF attacks.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Post by za miksica » Fri Oct 02, 2020 1:53 am

Hello
The spam emails contain this in the email header:
X-PHP-Originating-Script: 0:mail.php
The question is: how to prevent sending spam emails using mail.php?
Obviously, the spammers found a way to send emails using mail.php.
Actually, here is one spam email:

Code:

Received: from mail ([127.0.0.1]) by mydomain.com with
 MailEnable ESMTP; Tue, 29 Sep 2020 22:03:10 +0200
Subject: =?UTF-8?B?RG90YXogUnViZW4=?=
To: email@mydomain.com
X-PHP-Originating-Script: 0:mail.php
MIME-Version: 1.0
Date: Tue, 29 Sep 2020 20:03:10 +0000
From: =?UTF-8?B?UnViZW4=?= <info@mydomain.com>
Reply-To: =?UTF-8?B?UnViZW4=?= <info@mydomain.com>
Return-Path: <info@mydomain.com>
X-Mailer: PHP/7.0.33
Content-Type: multipart/related; boundary="----=_NextPart_edb971570eb340da2a06bbae29c69d5a"

------=_NextPart_edb971570eb340da2a06bbae29c69d5a
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

Hey there
Defrost frozen foods in minutes safely and naturally with our THAW KING™. 
50% OFF for the next 24 Hours ONLY + FREE Worldwide Shipping for a LIMITED time
Buy now: thawking.online
------=_NextPart_edb971570eb340da2a06bbae29c69d5a--

Thank you.


Post by ADD Creative » Fri Oct 02, 2020 2:55 am

If you can't work out what is sending the email from the subject, then probably the quickest way is to temporarily add:

Code:

trigger_error('Mail route: ' . $_GET['route']);

to system/library/mail.php just after:

Code:

public function send() {

Then make sure display errors is off and log errors is on, and every time the mail function is used you will see an entry in your error log telling you which controller called send:

Code:

PHP Notice:  Mail route: information/contact in system/library/mail.php on line 50

If $_GET['route'] does not show anything, then try $_SERVER['REQUEST_URI'].

www.add-creative.co.uk

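A fuller version of the tracing step above, added here as an example rather than OpenCart's own code: the same trigger_error() at the top of Mail::send() in system/library/mail.php (OpenCart 1.5.x layout assumed), but the line it writes also carries the request method and URI, the caller's IP, the first frame of the backtrace outside mail.php (the controller file and line that called send()), the recipient, and a truncated subject. With config_error_display off and config_error_log on, OpenCart's error handler writes the notice to the error log, which is enough to tell whether the spam comes from the contact form, a review or account notification, or something outside any route at all. The traceLine() method name is mine.

```php
<?php
// Added example, not OpenCart's own code. Temporary tracing for
// system/library/mail.php in OpenCart 1.5.x: one log line per outgoing
// message, written before anything is sent. Remove it once the source of
// the spam is identified.

class Mail {
    protected $to;
    protected $subject;
    // ... the other properties and methods of OpenCart's Mail class stay as they are

    // Builds the trace line (assumed helper name). Kept separate from
    // send() so it can be read and checked without sending anything.
    protected function traceLine() {
        // Route and request details; defaults cover cron/CLI invocations,
        // where none of these superglobals are populated.
        $route  = isset($_GET['route']) ? $_GET['route'] : '(no route)';
        $method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '(cli)';
        $uri    = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '(cli)';
        $ip     = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '(cli)';

        // setTo() may have been given a string or an array of addresses.
        $to = is_array($this->to) ? implode(',', $this->to) : (string)$this->to;

        // Subject is the raw value handed to setSubject(); cap it so a long
        // spam subject does not bloat the log.
        $subject = substr((string)$this->subject, 0, 80);

        // First backtrace frame outside this file is the controller that
        // called send(); that is the code path to put a check into.
        $caller = '(unknown)';
        foreach (debug_backtrace() as $frame) {
            if (isset($frame['file']) && basename($frame['file']) !== 'mail.php') {
                $caller = basename($frame['file']) . ':' . $frame['line'];
                break;
            }
        }

        return sprintf(
            'Mail trace: route=%s method=%s uri=%s ip=%s caller=%s to=%s subject=%s',
            $route, $method, $uri, $ip, $caller, $to, $subject
        );
    }

    public function send() {
        // E_USER_NOTICE is logged as "PHP Notice: ..." by OpenCart's error
        // handler when config_error_log is on.
        trigger_error($this->traceLine(), E_USER_NOTICE);

        if (!$this->to) {
            exit('Error: E-Mail to required!');
        }

        // ... OpenCart's original send() body continues unchanged
    }
}
```

Reading the log: a line with route=information/contact and caller=contact.php points at the contact form (and, if the captcha is enabled there, at whatever is getting past it); a line with no route, or with a caller that is not one of your controllers, means the mail is not coming through the shop's normal request flow and the shop code is the wrong place to look.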

Post by za miksica » Fri Oct 02, 2020 1:25 pm

OK thank you so much, will try that!
